Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Smells like a phish, is a fish?

from [Christopher Reed] Network Security [Permanent Link]
Subject: RE: Smells like a phish, is a fish?
Date: Thu, 27 Oct 2005 15:48:19 -0500 
I used the key provided by GoDaddy and the information it presented is
nothing more than you would receive through their WHOIS process.  In
fact, on the website, the instructions were that if I found an error, I
was to log in and fix it.  I was not logged in bu only using their
special key.

Christopher Reed
Web Applications Supervisor
Information Technology
City of Lubbock
creed@mail.ci.lubbock.tx.us
"The oxen are slow, but the earth is patient."


"Damhuis Anton" <DamhuisA@aforbes.co.za> 3:34 am 10/27/2005 >>>


Hi

But email is sent over an unencrypted link, thus any body could get
hold of the link, and by entering it, get access to the web site's
details (the account).

Something should always be kept secret, when sending logon information
via email.

So I don't think it is mitigating phishing, but possibly rather a way
to track their responses to the email.

Or am I understanding your statement incorrectly?

Regards
  Anton

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf@breach.com] 
Sent: 27 October 2005 10:15
To: Andrew van der Stock; webappsec@securityfocus.com 
Subject: RE: Smells like a phish, is a fish?

...
provide you with a key in the e-mail, rather than asking for a login
might actually be a way to mitigate phishing.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Smells like a phish, is a fish?, Tom Stowell
Next by Date:  Re: Smells like a phish, is a fish?, Todd Hendricks
Previous by Thread:  RE: Smells like a phish, is a fish?, M. Burnett
Next by Thread:  RE: Smells like a phish, is a fish?, Tom Stowell
Indexes:  [Date] [Thread] [Top] [All Lists]